package com.cy.jt.security.util.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ResourceController {
//    @PreAuthorize("hasRole('admin')")
    @PreAuthorize("hasAuthority('sys:res:create')")
    @RequestMapping("/doCreate")
    public String doCreate(){
            return "create resource (insert data) ok";
        }

    @PreAuthorize("hasAuthority('sys:res:delete')")
    @RequestMapping("/doDelete")
    public String doDelete(){
        return "create resource (insert data) ok";
    }

    @PreAuthorize("hasAuthority('sys:res:retrieve')")
    @RequestMapping("/doRetrieve")
    public String doRetrieve(){
        return "query resource (seclect data) ok";
    }

    @PreAuthorize("hasAuthority('sys:res:update')")
    @RequestMapping("/doUpdate")
    public String doUpdate(){
        return "update resource (update data) ok";
    }

    @RequestMapping("/doRetrieved")
    public String doRetrieved(){
        return "queryed resource (seclected data) ok";
    }

    /**
     * 获取登录用户信息
     * 1）*/
    @GetMapping("/doGetUser")
    public String doGetUser(){
        //从session中获取用户认证信息
        Authentication authentication =
                SecurityContextHolder.getContext().getAuthentication();
        User principal = (User)authentication.getPrincipal();
        System.out.println("principal" +"  11  " + principal.getClass());
        System.out.println(principal.getUsername()+principal.getAuthorities());
        return principal.toString();
    }
}
